<?php

require_once ("bin/data.php");
require_once ("bin/_variables.php");

$title = "Sign In";
$link="";
$header="";
$footer="";
$content = <<<EOF
<h2>Sign In!</h2>
<div id="formentry">
<span>Please enter your credentials to sign into {$siteName}:</span>
<form action="signin.php" method="post">
<table border="0" width="100%">
<tr>
	<td align="right" width="40%">
		<span>Username:</span>
	</td>
	<td>
		<input type="text" name="u" id="u" value="" />
	</td>
</tr>
<tr>
	<td align="right">
		<span>Password:</span>
	</td>
	<td>
		<input type="password" name="p" id="p" value="" />
	</td>
</tr>
<tr>
	<td align="right">
		<span>Remember Me:</span>
	</td>
	<td>
		<input type="checkbox" name="r" id="r" value="" />
	</td>
</tr>
<tr>
	<td></td>
	<td>
		<input type="hidden" name="si" id="si" value="true" />
		<input type="submit" name="s" id="s" value="Sign In" />
	</td>
</tr>
</table>
</form>
</div>

<h2>I forget my username!</h2>
<div id="formentry">
<span>If you have forgotten your username, please provide your email address:</span>
<form action="signin.php" method="post">
<table width="100%" border="0">
<tr>
	<td align="right" width="40%">
		<span>Email Address:</span>
	</td>
	<td>
		<input type="text" name="e" id="e" value="" />
	</td>
</tr>
<tr>
	<td></td>
	<td>
		<input type="hidden" name="rsu" id="rsu" value="true" />
		<input type="submit" name="s" id="s" value="Send Username" />
	</td>
</tr>
</table>
</form>
</div>

<h2>I forget my password!</h2>
<div id="formentry">
<span>If you have forgotten your password, please provide your username:</span>
<form action="signin.php" method="post">
<table width="100%" border="0">
<tr>
	<td align="right" width="40%">
		<span>Username:</span>
	</td>
	<td>
		<input type="text" name="u" id="u" value="" />
	</td>
</tr>
<tr>
	<td></td>
	<td>
		<input type="hidden" name="rsp" id="rsp" value="true" />
		<input type="submit" name="s" id="s" value="Send Password" />
	</td>
</tr>
</table>
</form>
</div>
EOF;
if (isset($_REQUEST['rsu']))
{
	global $mailFrom;
	global $siteName;
	global $content;
	
	$email = mysql_real_escape_string($_REQUEST['e']);
	$sql = "SELECT username FROM `$tblusers` WHERE email = '$email'";
	$result = mysql_query($sql) or die(mysql_error() );
	$numrows = @mysql_num_rows($result);

	if ($numrows>0)
	{
		$row = @mysql_fetch_array($result);
		$uname = $row['username'];
		$headers = 'MIME-Version: 1.0' . "\r\n";
		$headers .= 'Content-type: text/plain; charset=iso-8859-1' . "\r\n";
		$headers .= 'From: '.$mailFrom."\r\n";
		$message = 'Greetings '.$uname.',

Here is your requested username for '.$siteName.'.com:

Your username is: '.$uname;

		@mail($email, "$siteName.com Registration", $message, $headers);
$content = <<<EOF
<div id="singlelinereply">Your username has been sent to your email address. Please check your inbox, then <a href="signin.php">Sign In</a>.</div>
EOF;
	}
	else
	{
	$content = <<<EOF
<div id="singlelinereply">Your username could not be located. Please press your 'back' button to try again.</div>
EOF;

	}
}

if (isset($_REQUEST['rsp']))
{
	global $mailFrom;
	global $siteName;
	
	$uname = mysql_real_escape_string($_REQUEST['u']);
	//email $email the username
	$sql = "SELECT email, password FROM `$tblusers` WHERE username = '$uname'";
	$result = mysql_query($sql) or die(mysql_error() );
	$numrows = @mysql_num_rows($result);

	if ($numrows>0)
	{
		$row = @mysql_fetch_array($result);
		$email = $row['email'];
		$password = $row['password'];
		$headers = 'MIME-Version: 1.0' . "\r\n";
		$headers .= 'Content-type: text/plain; charset=iso-8859-1' . "\r\n";
		$headers .= 'From: '.$mailFrom."\r\n";
		$message = 'Greetings '.$uname.',

Here is your password for '.$siteName.'.com:

Your password is: '.$password.'

Please sign in and change your password immediately.';

		@mail($email, "$siteName.com Registration", $message, $headers);
		$content = <<<EOF
		<div id="singlelinereply">Your password has been sent to the email address you used to register. Please check your inbox, then <a href="signin.php">Sign In</a>.</div>
EOF;
	}
	else
	{
	$content = <<<EOF
<div id="singlelinereply">Your username could not be located. Please press your 'back' button to try again.</div>
EOF;

	}
}
if (isset($_REQUEST['so']))
{
	@session_start();
	setcookie("userid",0, time()-3600);	

	@session_destroy();
	header("Location:signin.php");
}
if (isset($_REQUEST['si']))
{
	$uname = mysql_real_escape_string($_REQUEST['u']);
	$pword = mysql_real_escape_string($_REQUEST['p']);
	$sql = "SELECT * FROM `$tblusers` WHERE username = '$uname' AND password = '$pword'";
	$result = mysql_query($sql) or die(mysql_error() );
	$numrows = @mysql_num_rows($result);

	if ($numrows>0)
	{
		$row = @mysql_fetch_array($result);
		$id = $row['id'];
		//start session, store and go to profile.
		@session_start();
		unset($_SESSION["userid"]); 
		
		if (isset($_POST['r']))
			setcookie("userid", $id, 2147483647);
		else
			setcookie("userid", $id, time()+1200);
			
		$_SESSION["userid"] = $id;
		header("Location:profile.php");
	}
	else
	{
		$content= <<<EOF
		<div id="singlelinereply">Sorry, your login information was not found. Please press your 'back' button and ensure you have correctly entered your username and password.</div>
EOF;
	}
}
include ("base.php");
echo $html;
?>
